News Item

Log4j vulnerability - update from the CSIRTs Network

The EU CSIRTs Network has been closely following the development of the Log4Shell situation since 10 December 2021.

Published on January 21, 2022

The EU CSIRTs Network held its first call on Log4j and escalated to "Alert Cooperation Mode" on 13 December 2021. Between 10 December and 12 January 2022, the CSIRTs Network Members continued to exchange information, published relevant advisories and met four times to discuss the results of two reporting surveys and national situations.

The CSIRTs Network members also actively contributed to updating the list of vulnerable software, which is maintained by the Dutch National Cyber Security Centre and continue to update advisories for the benefit of their constituencies.

On 12 January 2022, based on the data collected, the national reporting and in the absence of large-scale or cross-border incidents, the EU CSIRTs Network decided to move back to default cooperation mode in relation to the log4j/log4shell vulnerability.

For more information on the latest advisories published by CSIRTs Network Members visit:


The CSIRTs Network is a network composed of EU Member States’ appointed CSIRTs and CERT-EU (“CSIRTs Network members”). The secretariat is provided by the EU Agency for Cybersecurity (ENISA).

On 15 December the European Commission, the EU Agency for Cybersecurity, CERT-EU and the CSIRTs Network issued a joint statement on Log4j.

Stay updated - subscribe to RSS feeds of both ENISA news items & press releases!

News items:


This site uses cookies to offer you a better browsing experience.
Aside from essential cookies we also use tracking cookies for analytics.
Find out more on how we use cookies.

Accept all cookies Accept only essential cookies